Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims 

1. (Currently Amended) A method to manage secure connections, comprising: 

receiving an initial encrypted packet transmitted from an internal node and 
addressed to a secure port of an external node; 

recording a flow comprising an internal address and a security identifier 
associated with said initial encrypted packet in a list to designate a secure connection 
between said internal node and said external node; 

receiving a subsequent encrypted packet having a security identifier and an 
external address that represents a plurality of internal addresses; 

translating said external address by selecting one of said internal addresses 
associated with a flow recorded in said list that comprises a security identifier 
that matches said security identifier of said subsequent encrypted packet; and 

communicating said encrypted packet to said selected internal address. 

2. (Previously Presented) The method of claim 1, further comprising: 
searching a list of security identifiers having associated times; 
selecting a security identifier having an earliest time; and 
retrieving said internal address associated with said selected security identifier. 



3. (Previously Presented) The method of claim 2, further comprising: 
creating said list; and 
searching said created list. 

4. (Previously Presented) The method of claim 3, wherein said creating comprises: 
receiving an encrypted packet having a predetermined sequence number and a 
security identifier from a device associated with one of said internal addresses; 
determining a time said encrypted packet was received; 
associating said time and said internal address with said security identifier; and 
storing said security identifier with said associated time and associated internal 
address. 

5. (Original) The method of claim 1, wherein said packet is encrypted in accordance 
with the Internet Security Association And Key Management Protocol (ISAKMP). 

6. (Original) The method of claim 1, wherein said encrypted packet is an Internet 
Protocol (IP) Encapsulating Security Payload (ESP) encrypted packet. 

7. (Previously Presented) The method of claim 1, wherein said security identifier is a 
security parameter index (SPI). 

8. (Previously Presented) The method of claim 1, wherein said security identifier 
represents a tunnel between two devices, and further comprising: 

receiving a message that said encrypted packet was communicated to an incorrect 
internal address; 

determining activity levels for each tunnel terminating at each device represented 
by said plurality of internal addresses; and 

communicating said encrypted packet to an internal address having a tunnel with 
a highest activity level. 

9. (Currently Amended) A method to manage secure connections, comprising: 

creating a list of security identifiers to designate secure connections by storing 
security identifiers in response to receiving encrypted packets addressed to a secure port 
with each security identifier representing a tunnel terminating at a device having an 
internal address; 

translating each of said internal addresses to an external address; 

receiving an encrypted packet having said external address and a security 
identifier; 

translating said external address by selecting one of said internal addresses 
associated with a security identifier from said list of security identifiers using a set of 
heuristics that matches said security identifier of said encrypted packet having said 
external address; and 

communicating said encrypted packet to said selected internal address. 

10. (Original) The method of claim 9, wherein said tunnel is created in accordance 
with the Internet Security Association And Key Management Protocol (ISAKMP). 

11. (Original) The method of claim 9, wherein said encrypted packet is an Internet 
Protocol (IP) Encapsulating Security Payload (ESP) encrypted packet. 

12. (Previously Presented) The method of claim 9, wherein said security identifier is a 
security parameter index (SPI). 



13. (Previously Presented) The method of claim 9, further comprising: 
searching said list of security identifiers having associated times; 
selecting a security identifier having an earliest time; and 
retrieving said internal address associated with said selected identifier. 



14. (Previously Presented) The method of claim 9, wherein said creating comprises: 
receiving an encrypted packet having a security identifier from a device 
associated with one of said internal addresses; 
determining a time said encrypted packet was received; 
associating said time and said internal address with said security identifier; and 
storing said security identifier with said associated time and internal destination 
address. 

15. (Currently Amended) A secure connection manager, comprising: 

a flow module to create a list of security identifiers to designate secure 
connections by storing security identifiers in response to receiving encrypted packets 
addressed to a secure port, with each security identifier representing a secure flow 
terminating at a device with an internal address; and 

a translation module to select an internal address for an encrypted packet having 
an external address and a security identifier, said internal address associated with a 
security identifier from, using said list of security identifiers and a set of heuristics that 
matches said security identifier of said encrypted packet having said external address. 

16. (Original) The secure connection manager of claim 15, further comprising: 

a communication module to communicate said encrypted packet to said selected 
internal address. 

17. (Currently Amended) A system to manage secure connections, comprising: 
a first network node to send encrypted packets to an external address; 

a second network node to receive said encrypted packets and translate said 
external address to an internal address using a list of security identifiers and a set of 
heuristics; and 

a third network node having said internal address to receive said encrypted 
packets, 

wherein said second network node receives an initial encrypted packet transmitted 
from said third network node and addressed to a secure port of said first network node, 
said second network node records a flow comprising an internal address and a security 
identifier associated with said initial encrypted packet in said list of security identifiers to 
designate a secure connection between said third network node and said first network 
node, and said second network node translates said external address by matching a 
security identifier of an encrypted packet received from said first network node with a 
security identifier associated with a flow recorded in said list. 

18. (Original) The system of claim 17, wherein said second network node is a router 
configured to perform natural address translation (NAT). 

19. (Original) The system of claim 17, wherein said first and third network nodes are 
configured to communicate using a tunnel created in accordance with the Internet 
Security Association And Key Management Protocol (ISAKMP). 

20. (Original) The system of claim 17, wherein said encrypted packets are Internet 
Protocol (IP) Encapsulating Security Payload (ESP) encrypted packets. 

21. (Original) The system of claim 17, wherein said second network node performs 
said translation using a list of flow identifiers, with each flow identifier representing a 
security parameter index (SPI) and having an associated internal address and receipt time. 

22. (Currently Amended) An article comprising: 

a storage medium; 

said storage medium including stored instructions that, when executed by a 
processor, result in managing a secure connection by receiving an initial encrypted packet 
transmitted from an internal node and addressed to a secure port of an external node, 
recording a flow comprising an internal address and a security identifier associated with 
said initial encrypted packet in a list to designate a secure connection between said 
internal node and said external node, receiving a subsequent encrypted packet having a 
security identifier and an external address that represents a plurality of internal addresses, 
translating said external address by selecting one of said internal addresses associated 
with a flow recorded in said list that comprises a security identifier that matches said 
security identifier of said subsequent encrypted packet, and communicating said 
encrypted packet to said selected internal address. 



23. (Previously Presented) The article of claim 22, wherein the stored instructions, 
when executed by a processor, further result in selecting one of said internal addresses by 
searching a list of security identifiers having associated times, selecting a security 
identifier having an earliest time, and retrieving said internal address associated with said 
selected security identifier. 

24. (Previously Presented) The article of claim 23, wherein the stored instructions, 
when executed by a processor, further result in searching said list of security identifiers 
by creating said list, and searching said created list. 

25. (Previously Presented) The article of claim 24, wherein the stored instructions, 
when executed by a processor, further result in creating said list by receiving an 
encrypted packet having a predetermined sequence number and a security identifier from 
a device associated with one of said internal addresses, determining a time said encrypted 
packet was received, associating said time and said internal address with said security 
identifier, and storing said security identifier with said associated time and associated 
internal address. 

26. (Currently Amended) An article comprising: 
a storage medium; 

said storage medium including stored instructions that, when executed by a 
processor, result in managing secure connections by creating a list of security identifiers 
to designate secure connections by storing security identifiers in response to receiving 
encrypted packets addressed to a secure port, with each security identifier representing a 
tunnel terminating at a device having an internal address, translating each of said internal 
addresses to an external address, receiving an encrypted packet having said external 
address and a security identifier, translating said external address by selecting one of said 
internal addresses associated with a security identifier from said list of security identifiers 
using a set of heuristics that matches said security identifier of said encrypted packet 
having said external address, and communicating said encrypted packet to said selected 
internal address. 

27. (Previously Presented) The article of claim 26, wherein the stored instructions, 
when executed by a processor, further result in 
searching said list of security identifiers having associated times, selecting a security 
identifier having an earliest time, and retrieving said internal address associated with said 
selected security identifier. 

28. (Previously Presented) The article of claim 26, wherein the stored instructions, 
when executed by a processor, further result in creating said list of security identifiers by 
receiving an encrypted packet having a security identifier from a device associated with 
one of said internal addresses, determining a time said encrypted packet was received, 
associating said time and said internal address with said security identifier, and storing 
said security identifier with said associated time and internal destination address. 
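
The flow list recited in claims 1, 2, 4 and 7 can be illustrated with a short Python sketch. This is an added example, not part of the filing or of any implementation by the applicant. Assumptions: the names `FlowList`, `esp_header`, `record` and `translate` are hypothetical, the "predetermined sequence number" is taken to be 1, packets are assumed to be already classified as ESP, and all addresses and SPI values are constructed.

```python
import struct

NEW_FLOW_SEQ = 1  # assumption: the "predetermined sequence number" of claim 4


def esp_header(payload):
    """Return (SPI, sequence number) from the first 8 bytes of an ESP payload."""
    if len(payload) < 8:
        raise ValueError("truncated ESP header")
    return struct.unpack("!II", payload[:8])  # two 32-bit big-endian fields


class FlowList:
    """Hypothetical flow list: one (SPI, internal address, receipt time) per flow."""

    def __init__(self):
        self.flows = []

    def record(self, internal_addr, payload, now):
        """Claims 1 and 4: store a flow for an outbound packet that opens one."""
        spi, seq = esp_header(payload)
        if seq != NEW_FLOW_SEQ:
            return False  # not the first packet of a flow, nothing recorded
        self.flows.append((spi, internal_addr, now))
        return True

    def translate(self, payload):
        """Claims 1 and 2: pick the internal address whose SPI matches."""
        spi, _ = esp_header(payload)
        matches = [f for f in self.flows if f[0] == spi]
        if not matches:
            return None  # no recorded flow, so there is no address to select
        return min(matches, key=lambda f: f[2])[1]  # earliest receipt time


def demo():
    """Constructed traffic: three internal hosts behind one external address."""
    def pkt(spi, seq):
        return struct.pack("!II", spi, seq) + b"\x00" * 16  # dummy ciphertext
    fl = FlowList()
    fl.record("192.168.1.10", pkt(0x1000A001, 1), now=100.0)
    fl.record("192.168.1.11", pkt(0x1000A002, 1), now=101.0)
    fl.record("192.168.1.12", pkt(0x1000A001, 1), now=105.0)  # duplicate SPI
    ignored = fl.record("192.168.1.11", pkt(0x1000A002, 7), now=106.0)
    return (fl.translate(pkt(0x1000A002, 42)),
            fl.translate(pkt(0x1000A001, 42)),
            fl.translate(pkt(0x1000BEEF, 42)),
            ignored)
```

In the constructed traffic, the duplicate SPI resolves to the flow with the earliest receipt time, and a packet whose SPI was never recorded yields no internal address at all.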